Fwd: RE: (RADIATOR) Radiator througt Firewall
Sergio Gonzalez
sagonzal at sky.net.co
Fri Nov 2 12:36:26 CST 2001
*This message was transferred with a trial version of CommuniGate(tm) Pro*
thanks... i think it worked....
:-)
>I've used IPFW which has similarly formatted rules..
>
>Try:
>
>1st.. allow all from radius to target
>2nd.. allow all from target to radius
>
>
>
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> > Behalf Of Sergio Gonzalez
> > Sent: Friday, November 02, 2001 09:29
> > To: radiator at open.com.au
> > Subject: (RADIATOR) Radiator througt Firewall
> >
> >
> > *This message was transferred with a trial version of CommuniGate(tm) Pro*
> > Hello there:
> >
> >
> > I been working in an ipchains rule set to allow radius clients to access
> > radius server (Radiator) that is behind the FW.
> >
> > I did this:
> >
> > allow from any 1024:65535 to radius.server 1645 bidirectional proto udp
> > allow from any 1024:65535 to radius.server 1646 bidirectional proto udp
> >
> > Here I have 2 kinds of RASes. One is a Hiper-ARC based one and
> > the other is
> > a Patton. The weird thing is patton doesn't send authentication or
> > accounting packets above 1024 port, it does from 513 causing users not to
> > get connected. So, I tailored that into my rule set like this
> >
> > allow from any 513 to radius.server 1645 bidirectional proto udp
> > allow from any 513 to radius.server 1646 bidirectional proto udp
> >
> > But, I'm still having problems. When I applied the rule set, the patton
> > cease to authenticate users again.
> >
> > Any body knows what should be the problem?. Is patton using any
> > other port
> > to connect to Radius server?. Or is radius server using another port
> > different from 1645:1646?
> >
> > Thanks in advance
> >
> >
> > Sergio Alejandro Gonzalez
> > Director Operativo
> > SkyNet de Colombia.
> > Bogota, Colombia, South America.
> > 57 (+1) 6 422 020
> > 57 (+3) 7 285 094
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
Sergio Alejandro Gonzalez
Director Operativo
SkyNet de Colombia.
Bogota, Colombia, South America.
57 (+1) 6 422 020
57 (+3) 7 285 094
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list